IN THIS ISSUE
Public and Private Entities Face Significant Cybercrime Challenges
Cybercrime’s impact on the U.S. economy reflects billion-dollar losses and threatens national security, according to the recent Government Accountability Office study, Public and Private Entities Face Challenges in Addressing Cyber Threats. A 2005 Federal Bureau of Investigation (FBI) survey estimated the annual loss due to computer crime at US $67.2 billion. In addition, a coordinated cyber attack by U.S. adversaries, including terrorist organizations and nation-states, could result in a significant disruption in financial sectors, air traffic control, and electric power distribution. Terrorist organizations have raised money using cybercrime as well, according to FBI testimony.
To combat the growing threat of cybercrime, GAO says that the Department of Justice, Homeland Security, and Department of Defense, and the Federal Trade Commission, as well as state and local law enforcement entities, are responsible for protecting against and prosecuting those who commit cybercrime. Private businesses (e.g., software developers and Internet service providers) can assist by developing technology to detect and protect against cybercrime, and by aiding investigators in gathering evidence. Information-sharing partnerships between the public and private sector, both nationally and internationally, are also key in the efforts to fight cybercrime, according to the study.
The study acknowledged a number of challenges in addressing cyber threats, including those faced by law enforcement. One of the specific risks involves the FBI’s and Secret Service’s policies of rotating staff, which result in the agencies having a difficult time training and retaining personnel with the technological skills necessary to detect and prosecute cybercrime. GAO outlined these and other challenges in the following chart:
In conclusion, GAO gave specific recommendations to the Attorney General and the Secretary of Homeland Security to help ensure adequate law enforcement analytical and technical capabilities. In addition, the study reported that despite efforts to raise awareness among users, additional support is needed by both the public and private sectors to educate consumers and end-users in recognizing cyber attacks.
To download GAO’s report, click on http://www.gao.gov/new.items/d07705.pdf (PDF, 1.51 MB).
The Institute of Internal Auditors - 247 Maitland Avenue • Altamonte Springs, Florida 32701-4201 U.S.A.
+1-407-937-1100 • Fax +1-407-937-1101 • www.theiia.org
All contents of this Web site, except where expressly stated, are the copyrighted property of The Institute of Internal Auditors Inc.